I think there is a fundamental issue here: you can't redraw the perimeter if the OS is compromised. You can't make a secure channel on an untrusted system. You can try, you can have Java code that is signed, and tries to check itself in memory, and ... but ultimately if the system calls it is using can't be trusted to do what they are supposed to, it can't know what is happening around it.
Probably the best we can do is something like my bank, which has a separate device that provides a code to authorize transactions. Thus the computer isn't involved in the authorization process other than as a messenger. Although if someone compromised my machine there are other easier channels to emptying my bank account than trying to transfer it out of my account using my online banking facility.
I'm not sure malware is a difficult problem. Sure it is a big problem, partly due to monoculture, but as you indicate most of the problem now is in the users, and the interface to them.
The difference between corporate Microsoft systems and home Microsoft systems is largely of Microsoft's making. Vista already moved away from the principle of most privilege in the home user versions, but it did it in a half-hearted and muddled fashion.
The next step for Microsoft Windows on the technical side is to catch up with the GNU/Linux systems in terms of software distribution. My desktop patches every piece of software for which a patch is available every day, from one source of digitally signed code using one reliable method.
On the Windows XP machine I use sometimes, after it boots, Microsoft, Sun Java, Apple, Adobe, Macromedia, the antivirus program, Firefox, Thunderbird, all try and update their software with varying mechanisms, and as soon as one of these mechanisms breaks the box is stuck with the current version of that software till someone fixes the specific update mechanism (usually by reinstalling a newer version of that application manually). The end users routinely dismiss the "upgrade now" buttons as they just want to use the machine to do something, not watch software installing. Worse yet, if they see an "install this antivirus update" dialog box some of them will click on it thinking it is genuine, because it is the kind of thing they are conditioned to do.
Not one of these update mechanisms used on Windows is as reliable as the single one I use on GNU/Linux, even though the one I use relies heavily on volunteer effort, donated servers and bandwidth etc. The main reason being they all rely on the program being started (by the user), or starting one of dozens of helper apps when the user logs in, or IE working, or Microsoft Update (which seems to get in a mess on a regular basis all by itself), or the user entering proxy data (when behind a proxy) or entering authorization keys.
The most common method of owning a PC these days is probably out of date browser plug-ins (Flash, Real, Adobe etc....).
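As an added illustration (not part of the comment above) of why the bank's separate device still works when the PC is only a messenger: the code it produces is bound to the transaction details the user keys into the device, so a compromised PC that swaps the beneficiary or amount in transit hands the bank a code that no longer verifies. The device key, challenge format and account values are constructed for this example, and the contrast with an unbound one-time code goes beyond what the comment says.

```python
import hashlib
import hmac

# Constructed example key, shared by the device and the bank; a real device
# would hold it in tamper-resistant storage, never on the PC.
DEVICE_KEY = b"constructed-example-device-key-32b"


def _truncate(mac: bytes, digits: int) -> str:
    # Dynamic truncation in the style of HOTP (RFC 4226): pick 4 bytes by the low nibble.
    offset = mac[-1] & 0x0F
    number = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(number % (10 ** digits)).zfill(digits)


def transaction_code(key: bytes, beneficiary: str, amount_cents: int,
                     challenge: str, digits: int = 8) -> str:
    """Code the device displays after the user keys in beneficiary, amount and
    the bank's challenge. It is an HMAC over exactly those fields."""
    msg = f"{beneficiary}|{amount_cents}|{challenge}".encode()
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest(), digits)


def unbound_code(key: bytes, challenge: str, digits: int = 8) -> str:
    """A plain challenge-only code, for contrast: it says nothing about what is being approved."""
    return _truncate(hmac.new(key, challenge.encode(), hashlib.sha256).digest(), digits)


def bank_accepts(key: bytes, beneficiary: str, amount_cents: int,
                 challenge: str, code: str) -> bool:
    expected = transaction_code(key, beneficiary, amount_cents, challenge)
    return hmac.compare_digest(expected, code)


def demo() -> tuple:
    challenge = "73019254"  # constructed per-transaction challenge from the bank
    # The user reads the beneficiary and amount off the device's own display and approves.
    code = transaction_code(DEVICE_KEY, "GB00EXAMPLE0001", 5000, challenge)
    honest = bank_accepts(DEVICE_KEY, "GB00EXAMPLE0001", 5000, challenge, code)
    # A compromised PC relays the same code but alters the payment in transit.
    tampered = bank_accepts(DEVICE_KEY, "GB99EXAMPLE9999", 500000, challenge, code)
    # With a challenge-only code the bank has no way to notice the swap.
    plain = unbound_code(DEVICE_KEY, challenge)
    unbound_still_matches = hmac.compare_digest(plain, unbound_code(DEVICE_KEY, challenge))
    return honest, tampered, unbound_still_matches


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```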